
Awesome/Simple Way to Mask Referrer without Blanking It - Even in IE!

Discussion in 'Cloaking and Content Generators' started by thefish2010, Aug 1, 2009.

  1. thefish2010

    thefish2010 BANNED BANNED

    Joined:
    Jun 25, 2009
    Messages:
    668
    Likes Received:
    1,871
    I just figured this out....I'm sure I'm not the first person in the world, but it's the first I've seen of it after searching and searching. Tested and worked on Firefox 3, Internet Explorer 7/8/8 compatibility view, but should work across all browsers.

    The problem with double meta refresh, javascript redirects, and other types of referrer masking is that in IE you wind up with a blank referrer. That is usually very, very bad. Well, there is a very, very simple way to make your desired referrer appear across all browsers, including IE, without risk of leaking - ever :D.

    1) Your redirect page can consist of this, in its entirety:

    Code:
    <html>
    <head></head>
    <body onload="document.getElementById('go').submit();">
    <form action="AFFILIATE LINK HERE" method="get" id="go"></form>
    </body>
    </html>
    2) That's it. Whatever page this code is on will appear as the referrer. No leaking ever.

    You should probably link your blackhat links to a different page first, set a cookie or otherwise identify the user, and then only output the above code if the cookie is present, and if it isn't present put something very whitehat for your newly bewildered AM. I won't bother putting that code because there are numerous ways to accomplish it and they've been posted everywhere on here.

    Some of you may wonder why this simulates a form submission instead of a link click. The answer is that Firefox doesn't support the click() function for links. Yes, I could have put some more complex code for browser detection, then set onclick, then call it, etc. but there's no reason to. This works amazingly well across all browsers.

    Enjoy!
     
    • Thanks Thanks x 9
  2. zackster

    zackster Registered Member

    Joined:
    Jan 9, 2009
    Messages:
    66
    Likes Received:
    33
    It can leak the referrer on some browsers. And there is the problem of if the user doesn't have javascript enabled.
    Posted via Mobile Device
     
  3. thefish2010

    thefish2010 BANNED BANNED

    Joined:
    Jun 25, 2009
    Messages:
    668
    Likes Received:
    1,871
    Which browsers does this leak on? First, it doesn't make sense that it would leak, just from a programming perspective - it's a form submission. Second, I've now tested on:

    IE
    Chrome
    Safari
    Firefox
    Opera

    Worked beautifully - not a single leak anywhere. That's 5 browsers covering 99.9% of the market. If the user doesn't have javascript enabled, you can always display a link - it's a small percentage of people and we don't need their traffic. Redirect them to Yahoo.

    BTW, tested this on Opera/Chrome/Safari after I originally wrote that post. They don't leak the referrer, but Opera and Chrome want to append a ? to the url since it's a form. All that means is that the form action needs to be a redirect page instead of going straight to the affiliate network, with the following code:

    Code:
    <?php header("Location:AFFILIATE LINK HERE");?>
    With those two pages (the form page and the redirect), it now works across the big 5 browsers with no referral leakage whatsoever.

    I'm using this myself, so if you could tell me which browsers it leaks on, I would like to know.
     
    • Thanks Thanks x 2
    Last edited: Aug 2, 2009
  4. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,468
    Likes Received:
    10,143
    I have not tested, but I cannot see how this would leak....

    Great tip! Thank you.
     
  5. itsmemario

    itsmemario Newbie

    Joined:
    Aug 1, 2009
    Messages:
    1
    Likes Received:
    0
    I tested and this has worked great for me, no leaks
     
  6. drkenneth

    drkenneth Executive VIP

    Joined:
    Nov 13, 2008
    Messages:
    285
    Likes Received:
    176
    Occupation:
    Developer/Entrepreneur
    Location:
    USA
    It's good to add a no-script tag for users that do not have javascript enabled. Something along the lines of:

    Code:
    <noscript>
    <input type="submit" value="Click to continue..." />
    </noscript>
    
    This will make the form submit (put it inside the <form> tags) thus giving the same referer.
     
  7. twinglet

    twinglet Newbie

    Joined:
    May 9, 2009
    Messages:
    10
    Likes Received:
    0
    very nice, I'm using this, thanks. let's merge it, had to figure it out ;) html file with: and then a php file: but if java script is disabled, the button "click to continue..." will show, but it's not clickable... aww well, seems I'm not allowed to code :cool2:
     
  8. sm00th

    sm00th Junior Member

    Joined:
    Aug 9, 2009
    Messages:
    166
    Likes Received:
    12
    I guess I'm kinda lost on how this would be used... someone feel like giving a small scenario? :)
     
  9. thefish2010

    thefish2010 BANNED BANNED

    Joined:
    Jun 25, 2009
    Messages:
    668
    Likes Received:
    1,871
    I posted some sample code on this a while ago here: http://www.blackhatworld.com/blackhat-seo/cloaking-content-generators/105601-get-cross-browser-referrer-cloaking-script-doesnt-blank.html

    It's pretty straightforward stuff. One suggestion I would offer that I have since implemented is using a different domain for the blackhat landing page and the page you want to look like your referrer. Just change the form action in the code to the different domain. That way if your AM googles your domain no blackhat stuff will show up as linking to it. Other than that, the code works fine as posted.

    If you understand PHP even minimally, you won't have any problem not only implementing it but understanding how it works.
     
  10. BadArticle

    BadArticle Junior Member

    Joined:
    Aug 10, 2009
    Messages:
    100
    Likes Received:
    29
    Home Page:
    In fact, the only problem for this code: the destination will see a ? symbol in url
    You should try my fake referer tool instead.
     
  11. thefish2010

    thefish2010 BANNED BANNED

    Joined:
    Jun 25, 2009
    Messages:
    668
    Likes Received:
    1,871
    Actually, they won't if you use the sample code that I posted (look a couple of messages up). It uses posts, not gets. No info is communicated in the URL. You should look at the code in the zip (I think it's post_redirect2.zip).

     
    Last edited: Aug 21, 2009
  12. alex1

    alex1 Junior Member

    Joined:
    May 23, 2009
    Messages:
    123
    Likes Received:
    110
    Occupation:
    Software Developer
    Location:
    Toronto, Canada
    mmm... in the OP's code, it clearly says "method=get" so it uses GET as far as I could tell...

    OK, I tested it with GET in IE6 and in FF3 and results are different:

    a) IE6 - it DOES add the "/?" to the end of form's action url.
    b) FF3 - it does not add the "?"

    So GET only works as intended in FF3...

    Now let's try POST... OK, with POST it did not work at all and my IIS gave me the following error: HTTP 405 - Resource not allowed. Also, even if POST would work, the web server logs can show that it was POST request, and normal links are always GET, so it would reveal to curious affiliate admin that there is something going on.


    So I guess you need to use GET (not POST), and FORM ACTION to be your LOCAL URL, which should just do a server-side redirect to the affiliate link. That setup may work as OP intended, because HTTP 3xx redirect does not change referrer info, I assume.

    To test it, I need to find a site that would render a referrer info. Should take me few mins...
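
From the receiving site's side, the artifacts described in this post (the bare `?` left by an empty GET form, and POST or HTTP 405 where ordinary link clicks are GET) can be looked for in access logs. The following is an added example, not part of the thread: the log lines, hosts and tag names are constructed, and it assumes the Apache/nginx "combined" log format and a log that contains only click-landing requests.

```python
import re

# Apache/nginx "combined" access-log format (assumed for this example).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def click_anomalies(line):
    """Return anomaly tags (hypothetical names) for one log line; [] if clean."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    tags = []
    _path, sep, query = m["target"].partition("?")
    if sep and not query:
        tags.append("empty-query")       # "?" present but nothing after it
    if m["method"] != "GET":
        tags.append("non-get-click")     # a followed link is always a GET
    if m["status"] == "405":
        tags.append("method-rejected")   # server refused the method
    return tags

def summarize(lines):
    """Group flagged requests by Referer so a reviewer sees which source sent them."""
    by_ref = {}
    for line in lines:
        tags = click_anomalies(line)
        if tags:
            m = LOG_RE.match(line)
            by_ref.setdefault(m["referer"] if m else "?", []).append(tags)
    return by_ref

# Constructed sample lines (documentation IP range, .example hosts).
SAMPLE = [
    '198.51.100.7 - - [21/Aug/2009:10:00:01 +0000] "GET /offer?aff=123 HTTP/1.1" '
    '200 5120 "http://blog.example/review.html" "Mozilla/5.0"',
    '198.51.100.8 - - [21/Aug/2009:10:00:02 +0000] "GET /offer/? HTTP/1.1" '
    '200 5120 "http://clean.example/page.html" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '198.51.100.9 - - [21/Aug/2009:10:00:03 +0000] "POST /folder/ HTTP/1.1" '
    '405 312 "http://clean.example/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for referer, hits in summarize(SAMPLE).items():
        print(referer, hits)
```

Treat the tags as review hints rather than proof: the Referer header is supplied by the client, so it shows only the page the sender chose to present.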
     
  13. warriorpoet

    warriorpoet Junior Member

    Joined:
    Oct 27, 2008
    Messages:
    115
    Likes Received:
    52
    LOL..damn straight!! Works as advertised. I love when something so simple was sitting right there in the open where no one could see it. Nice share TheFish!! Danke!
     
  14. alex1

    alex1 Junior Member

    Joined:
    May 23, 2009
    Messages:
    123
    Likes Received:
    110
    Occupation:
    Software Developer
    Location:
    Toronto, Canada
    tested when FORM ACTION points to my redirect page, and it works

    (i.e. arrives to the final redirected page (your aff page) with proper referrer)

    Anyways, those who know some basic web dev, will figure it out by themselves.
     
  15. thefish2010

    thefish2010 BANNED BANNED

    Joined:
    Jun 25, 2009
    Messages:
    668
    Likes Received:
    1,871
    Ahem...I am the OP. What I said was that the SAMPLE code (a link to which I posted a couple messages up) uses Posts not gets. The original post used a get, and was meant to illustrate the concept only. Truth be told, I just about fell out of my chair when I realized it worked and posted the original post before I had fully developed the concept. Do you have any idea how powerful the ability to fully change a referrer really is? I had looked EVERYWHERE and there were all kinds of schemes with iframes, etc. and none of them actually faked the referrer without blanking across all browsers. A couple of days later, I wrote and posted the sample code (here: http://www.blackhatworld.com/blackhat-seo/cloaking-content-generators/105601-get-cross-browser-referrer-cloaking-script-doesnt-blank.html) which uses posts, covers you by checking keys, and does a final referrer check before sending anyone away. As far as I know, this is the first reliable way to actually fake a referrer (not just blank it) across all browsers. It doesn't depend on browser quirks/bugs - it uses the most basic tenets of HTML and HTTP. It should last for a very long time.

    Look at the link sample code. READ THE WHOLE THREAD.

    You DON'T post to the affiliate's site. That would be idiotic. You POST from the landing page, to the page that you want to be your referrer. Then, that page posts to a page that REDIRECTS to your affiliate. It's all in the SAMPLE code.

    I am tired of defending this to people who can't understand how it works. Implemented properly, the concept works every time, with every browser. If you don't understand it, then please feel free to not use it.


     
    Last edited: Aug 21, 2009
  16. sm00th

    sm00th Junior Member

    Joined:
    Aug 9, 2009
    Messages:
    166
    Likes Received:
    12
    ima try this asap

    btw: will this work for sending junk traffic? I went through about 6 different cloak sites and tried 4 different scripts and the click won't go through

    any help with that would REALLY be appreciated, I haven't made any money in like 3 days cuz of this :(
     
  17. thefish2010

    thefish2010 BANNED BANNED

    Joined:
    Jun 25, 2009
    Messages:
    668
    Likes Received:
    1,871
    Depends on your junk traffic. If using bots, probably not because it requires the visitor to be doing one of two things: 1) having javascript enabled or 2) if javascript is disabled, clicking a giant submit button. I doubt most bots will do that. But, with any web browser (even autosurf traffic) it would work perfectly as long as they have javascript enabled on the browser.

     
  18. BadArticle

    BadArticle Junior Member

    Joined:
    Aug 10, 2009
    Messages:
    100
    Likes Received:
    29
    Home Page:
    For GET method, a ? will be there when destination url does not have a ?, for example, action="http://www.google.com/"

    For POST method, especially when the destination is an IIS server, a 405 error will appear when the destination url ends with a folder, for example: action="http://www.somesite.com/folder/"

    I agree it's the basic idea for creating a fake referer and it's also the foundation of my Spoof HTTP Referer. But I use an intermediary to work these problems out.
     
  19. thefish2010

    thefish2010 BANNED BANNED

    Joined:
    Jun 25, 2009
    Messages:
    668
    Likes Received:
    1,871
    Yet another person who has failed to read the whole thread or look at my ACTUAL IMPLEMENTATION CODE!!

     
  20. raotnv

    raotnv Junior Member

    Joined:
    Jan 12, 2009
    Messages:
    155
    Likes Received:
    62
    This is really cool stuff. Initially I was confused and now I understand clearly how to use it with my black hat methods.